DORA – Operational Digital Resilience for the Financial Sector


Support in Adapting to the DORA Requirements

Cybersecurity vs Cyber Resilience

Good ICT practice requires following cybersecurity trends and selecting protective measures according to risk exposure. In practice, this selection is usually a compromise between technological requirements, usability and budgetary constraints. It is important to remember that digital security is a constant “arms race” in which the number of potential attack vectors and breaches increases in direct proportion to overall development and technological leaps. So-called bad actors in the ICT world familiarize themselves with all the latest innovations and try to use them to achieve their goals (for example, using artificial intelligence to support offensive actions).

The range of defensive measures that ensure business continuity and protect against breaches of data integrity (and confidentiality) is constantly growing. Their use determines the ability to avoid the growing cyber threat. They are complemented by measures to build digital resilience, i.e. the ability to limit the damage if the security of the ICT system is nevertheless compromised. Cyber resilience addresses all external and internal threats and requires an understanding that no digital protection system is perfect (even with full vendor support and installation of updates).

In summary, cybersecurity techniques aim to minimize the risk of an attack, and a cyber resilience strategy includes measures to minimize the impact of attacks. The more closely these two categories are linked, the more comprehensive an organization’s approach to ICT security will be.

DORA

Digital Operational Resilience Act

The adopted DORA (Digital Operational Resilience Act) is a practical interpretation of a systematized approach to cyber resilience. As a regulation of the European Parliament and the EU Council on the operational digital resilience of the financial sector, it is directly applicable in all EU countries and has been in force since January 17, 2025. It introduces a single standard for ICT risk management across the EU financial market, ensures the exchange of information and draws attention to supply chain risks, including concentration risks.

Entities covered by the Regulation must define their own operational requirements, in particular when using subcontractors and external suppliers, and put in place rules to manage the associated risks. The policies and procedures implemented must include emergency management, including reporting incidents to the regulator within the specified timeframe.

External service providers identified in DORA:

  • Outsourcing service providers
  • IT service providers
  • Communications and networking service providers
  • Cloud service providers
  • Cybersecurity service providers

Key areas of activity under DORA

How Atman Addresses DORA

As a telecommunications operator and provider of ICT services to the financial sector, among others, Atman has been working with its customers for several years to incorporate the requirements resulting from the current recommendations and regulations of financial market regulators into its contractual provisions and to adapt its services accordingly.

As part of the support provided in relation to DORA, Atman is ready to modify the services provided so that they are in line with the customer’s individual requirements resulting from its risk analysis and, consequently, comply with the obligations set forth in this regulation.

The workflow suggested by Atman is shown in the following matrix of responsibilities.

Action Customer Atman Supervision
1. Risk Analysis
2. Define the scope of changes
3. Submit the scope of changes to Atman
4. Assess the changes
5. Work on the contractual provisions
6. Signing of the annex to the contract
7. Implementation of changes in the provided service
8. Audits

If you are our customer and have identified the need to change contractual terms and adapt the scope of services provided to meet regulatory requirements, please send a proposal for such changes to your Account Manager in Atman so that the necessary actions can be taken.
